Some aspects of the Personal Data Protection Act (個人資料保護法), which comes into force today, contain controversial clauses that will require further amendments, a judicial official said yesterday.
Approved by the legislature in April 2010, the act was promulgated by President Ma Ying-jeou (馬英九). However, it did not come into force until now because of the controversies surrounding some of its articles.
The Executive Yuan has decided that parts of the act that do not need further consideration will take effect today and it has instructed the Ministry of Justice to communicate with lawmakers to push for the passage of the articles that have caused some consternation.
Chen Wei-lien (陳維練), director of the ministry’s Department of Legal Affairs, said people have complained about rampant marketing telephone calls.
Under the new law, people can ask sales representatives not to call again and remove their personal data. If companies continue to do telemarketing, but fail to explain how they collect personal information, people can report them to the authorities or even file a civil suit with the courts asking for compensation, Chen said.
As for online material, it is legal to post personal information on the Internet when the reason for doing so is to safeguard public safety by showcasing lawbreaking, such as films of criminal suspects caught on surveillance cameras or people who are naked in public places.
It is legal for people to search for and post the personal data of law-breakers — such as someone who tortures animals or causes traffic accidents — online, but posting personal data online for other reasons is not, Chen said.
Violators of the act can face a maximum prison sentence of five years, a fine of up to NT$200,000 or both, Chen said.
The revised clauses that have not come into effect yet are pending approval by the legislature.
Under the revised version of Article 6, health records are listed as a type of information that may not be collected, used or processed for any means, joining data on medical treatment, genetic information, sexuality and criminal records, which were already listed in the 2010 version of the article.
Exceptions were made for six situations, two of which were new additions to the article: when public interests were at stake and when the written consent of concerned parties was provided.
The revised version of Article 54 removes the requirement for financial institutions to inform individuals about information not personally provided by the concerned party within one year after the effective date of the act.
It stipulates instead that financial institutions must inform individuals of the data they possess before they use or process that information.